AWS re:Postを使用することにより、以下に同意したことになります AWS re:Post 利用規約

generate a presigned URL with aws-iot-device-sdk-embedded-C

0

Is is possible somehow to generate a presigned URL with the aws-iot-device-sdk-embedded-C?

I've been looking at the demo http_demo_s3_download which I can run successfully.

I tried to add in http_demo_s3_download.c, just after

    if( returnStatus == true )
    {
        LogInfo( ( "The file is %d bytes long.", ( int32_t ) *pFileSize ) );

The following code:

        char ota_temp_url[2048] = "https://" \
                                  AWS_S3_ENDPOINT \
                                  AWS_S3_URI_PATH \
                                  "?response-content-disposition=inline";
        strcat(ota_temp_url, "&X-Amz-Security-Token=");
        strncat(ota_temp_url, pSecurityToken, securityTokenLen);
        strcat(ota_temp_url, "&X-Amz-Algorithm=");
        strcat(ota_temp_url, SIGV4_AWS4_HMAC_SHA256);
        strcat(ota_temp_url, "&X-Amz-Date=");
        strncat(ota_temp_url, pDateISO8601, SIGV4_ISO_STRING_LEN);
        strcat(ota_temp_url, "&X-Amz-SignedHeaders=host");
        strcat(ota_temp_url, "&X-Amz-Expires=3600");
        strcat(ota_temp_url, "&X-Amz-Credential=");
        {
            char* pchar_start = strstr(pSigv4Auth, " Credential=");
            if (pchar_start) {
                char* pchar_end = strstr(pchar_start, ",");
                if (pchar_end) {
                    strncat(ota_temp_url, pchar_start+12, pchar_end-pchar_start-12);
                }
            }
        }
        strcat(ota_temp_url, "&X-Amz-Signature=");
        strncat(ota_temp_url, signature, signatureLen);
        LogInfo( ( "ota_temp_url=%s", ota_temp_url ) );

This is generating a URL with the correct syntax but I'm failing to understand what's wrong as the answer I get is:

<Error>
<Code>InvalidToken</Code>
<Message>The provided token is malformed or otherwise invalid.</Message>
<Token-0>IQoJb3JpZ2luX2VjEMb//////////wEaDGV1LWNlbnRyYWwtMSJGMEQCIBrv7gABmZniPAwon17t1bJQP7f7QilcTJU3QM0 XKVAiBEs/69RoSRWLOlM3uwtIhQA7kz8rnJmOzREgCzyumHiyrnAwi///////////8BEAAaDDM0NjQ0NDczNTIyNiIM08c2idyZjLoTyrxEKrsDSqeQAZ// oou4ENh2LylLXIVS9tlsB82Jg96 v2a jtM81N fXia5DD9v/IthIJrm8E TDkmkg09L7nwpgyB5ombnXfiv6jNaZTjR W3GR/NGh33nLCh9eywgfovbf2BD8TKgBU6ke74TGuxm3phFzW2K1OgCtP4oDUq94e432SKaZJsiD97jA20MX8IfVwD6xwBX0N25RHilQDipgl/DqeR3hvZqlZmIzIvzNvJ6OStuhMIGX5uKg4Dy4/zwNWfIGGr6AhR6XT9e3qESihLXWapMb0kVVxupVOteqdgbGpl3NbmJdBWVQ1YhKfVhXCXo8fWdHtFomCxJfu15o4YKMWwLPWPADu/TTI2DXdcCYY32cyVy54DjmEQnL5kXI7QOv3c3mS1FE56XlUK8eoR4rwXL9cUXsNrbCTPFOeasxlohZ4e jVASLl RQx3Xh2v1dvPKCGtywBgc0MLXvPiAWxnpnraGrpsksXXY6DsWYbIsnHBuomblCzF5N1T85EBP2VQbsUo1U9ez xL8WVgKZqUaF4kxTwZEBF5FaZelFY9Lle ActCn2C41yRJ0XSSWrdasSI t77YOcww7bbqAY6mwGn6MspGaXNR AWi5qQbcH6Hxee4s L74ZEcGrnK91IcuJ djHfLhLRUJIEUJLruGnkgqdP9DZmcv1TmLrr2vByWkFG867SSF2slWzbtwWIrML/7jxI KTSou5wPHQC3fvjFboQ5f0ub5wUott/bmneKo7Np2QtjmpiKQi7JHazcP2vRxBmzQ6JpLBXWsXuDVzeYLfsIgvPV/mG0A==</Token-0>
<RequestId>EE873P33F22DW1K6</RequestId>
<HostId>cljT52u0sAuOuzSohPGVOW9hxaCMuHd/hOEEkCMj8hTWf9guhbDzwC4J5W49QTQeww3kgrB2e3Yeax5ieI2MCw==</HostId>
</Error>

Can anybody help me?

profile picture
質問済み 1年前533ビュー
2回答
1
承認された回答

Hi,

Can you compare the URL that you create to the one generated by 'aws s3 presign' with same input parameters?
See https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3/presign.html

That should help determine where your problem is. (it's very often in the signature)

Best,

Didier

profile pictureAWS
エキスパート
回答済み 1年前
  • You were actually right Didier, I had an issue with the signature that I could adjust comparing with 'aws s3 presign'. Unfortunately now it complains about the (temporary) AccessKeyId that I get in the same demo, which does allow me to download the file but apparently is not allowed to generate a presigned URL. <Code>InvalidAccessKeyId</Code> <Message>The AWS Access Key Id you provided does not exist in our records.</Message>

1

Hi Giuseppe.

Is is possible somehow to generate a presigned URL with the aws-iot-device-sdk-embedded-C?

This SDK has no specific support for that. It's not something a constrained device that uses this SDK would typically do. A more common workflow is for the cloud to generate the presigned URL and send it to the device over MQTT. The following blog shows this kind of workflow for the case of S3 upload, but a similar workflow for download could be used: https://aws.amazon.com/blogs/iot/securely-ingesting-large-sized-payloads-from-iot-devices-to-the-aws-cloud/

Likewise, AWS IoT Jobs includes support for presigned URLs in job documents: https://docs.aws.amazon.com/iot/latest/developerguide/create-manage-jobs.html#create-manage-jobs-presigned-URLs. This demo uses this functionality: https://github.com/aws/aws-iot-device-sdk-embedded-C/blob/main/demos/ota/ota_demo_core_http/ota_demo_core_http.c

profile pictureAWS
エキスパート
回答済み 1年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ